50 Commits

Author SHA1 Message Date
Zuul
822bd996b3 Merge "Support separate oslo.messaging services for RPC and Notification" 2018-04-25 04:43:46 +00:00
Andrew Smith
78bc457585 Support separate oslo.messaging services for RPC and Notification
This commit introduces oslo.messaging services in place of a single
rabbitmq server. This will enable the separation of rpc and
notifications for the continued use of a single backend (e.g.
rabbitmq server) or a dual backend for the messaging communications.

This patch:
* add oslo_messaging_rpc and oslo_messaging_notify services
* add puppet services for rpc and notification
  (rabbitmq and qdrouterd servers)
* add docker services to deploy rpc (rabbitmq or qdrouterd)
  and notify (rabbitmq or shared)
* retains rabbit parameters for core services
* update resource registries, service_net_map, roles, etc.
* update ci environment container scenarios
* add environment generator for messaging
* add release note

Depends-On: Ic2c1a58526febefc1703da5fec12ff68dcc0efa0
Depends-On: I154e2fe6f66b296b9b643627d57696e5178e1815
Depends-On: I03e99d35ed043cf11bea9b7462058bd80f4d99da
Needed-By: Ie181a92731e254b7f613ad25fee6cc37e985c315
Change-Id: I934561612d26befd88a9053262836b47bdf4efb0
2018-04-22 04:33:44 +00:00
Zuul
0bf8943f05 Merge "undercloud: deploy SSH service" 2018-04-20 11:11:47 +00:00
Zuul
4e1e6528c7 Merge "Add Barbican to the list of services for the undercloud" 2018-04-19 10:06:43 +00:00
Emilien Macchi
ae61a031a6 undercloud: deploy SSH service
For parity with non containerized undercloud, add SSH service on the
undercloud.

Change-Id: Ia642c7d54acbc89630f79a8e64e7798c1a25d23f
2018-04-18 19:18:32 -07:00
Zuul
628cd0e390 Merge "Add Ironic Networking Baremetal Templates" 2018-04-18 05:52:20 +00:00
Juan Antonio Osorio Robles
252f56175c Add Barbican to the list of services for the undercloud
It's disabled by default, and will be an option to use if we decide to
enable Swift volume encryption for the undercloud.

Change-Id: I9c5e07a2eb764168670d5de7bdeb4b6362f9bfb5
2018-04-16 15:59:11 +00:00
Emilien Macchi
d86025593b Handle undercloud upgrades via host_prep_tasks
Using host_prep_tasks interface to handle undercloud teardown before we
run the undercloud install.
The reason of not using upgrade_tasks is because the existing tasks were
created for the overcloud upgrade first and there are too much logic
right now so we can easily re-use the bits for the undercloud. In the
future, we'll probably use upgrade_tasks for both the undercloud and
overcloud but right now this is not possible and a simple way to move
forward was to implement these tasks that work fine for the undercloud
containerization case.

Workflow will be:
- Services will be stopped and disabled (except mariadb)
- Neutron DB will be renamed, then mariadb stopped & disabled
- Remove cron jobs
- All packages will be upgraded with yum update.

Change-Id: I36be7f398dcd91e332687c6222b3ccbb9cd74ad2
2018-04-12 18:14:28 -07:00
Harald Jensas
5203e43979 Add Ironic Networking Baremetal Templates
Ironic neutron agent will be installed on controller nodes, or
networker nodes, when environments/services/ironic.yaml or
environments/services-docker/ironic.yaml is used.

It should also be enabled on undercloud.

Also enables ``baremetal`` ML2 mechanism driver on undercloud.

Depends-On: Ic1f44414e187393d35e1382a42d384760d5757ef
Depends-On: I3c40f84052a41ed440758b971975c5c81ace4225
Change-Id: I0b4ef83a5383ff9726f6d69e0394fc544c381a7e
2018-04-12 23:59:34 +02:00
Emilien Macchi
04b898d0c1 Implement MasqueradeNetworks services
To port what has been done in instack-undercloud, we need a new service
to manage IPtables rules when we need to redirect network through the
undercloud via masquerading.
It was done in instack-undercloud via bash, it'll now be done in THT via
a service, disabled by default and that will be activated in CI when
deploying with a containerized undercloud.

Co-Authored-By: Thomas Herve <therve@redhat.com>
Depends-On: Ic9a2626e73d132c3be7ff14a1f4cdba0c16c5b53
Change-Id: I93ff9a3bebcec1bc7ee188f9ec00feafca2c5117
2018-03-27 17:22:02 +02:00
Zuul
7c466fb751 Merge "docker: add support for TripleO UI" 2018-03-17 11:38:01 +00:00
Honza Pokorny
7cbe28b5ef docker: add support for TripleO UI
Co-Authored-By: Martin André <m.andre@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Partially-Implements: bp tripleo-ui-undercloud-container
Change-Id: I1109d19e586958ac4225107108ff90187da30edd
2018-03-15 23:43:17 +01:00
Juan Antonio Osorio Robles
781e1b2b4c Add novajoin service
This adds the relevant templates to enable novajoin in a containerized
undercloud environment. Note that this is not meant for the overcloud
(yet), and since there are several limitations that need to be addressed
first. This is meant for the containerized undercloud.

Depends-On: Iea461f66b8f4e3b01a0498e566a2c3684144df80
Depends-On: Ia733b436d5ebd0710253c070ec47a655036e0751
Depends-On: I554125fd6b48e620370f9e3a6061bbdc1d55b0ae
Change-Id: I3aad8a90816e6fc443f20579f6ac7ad4f35eafcb
2018-03-14 13:55:16 +00:00
Chandan Kumar
38387ada75 Added t-h-t for tempest container
It adds a fake tempest service in order to make tempest
container available on undercloud.

Change-Id: If580292572ee5a11a41f68752a6ffe8a99f066e7
2018-03-12 06:42:15 +00:00
Emilien Macchi
05a0f6cdec Add TripleOFirewall service to undercloud roles
... so we can configure IPtables on containerized undercloud.

Depends-On: https://review.openstack.org/545367
Change-Id: I9f8c3d18938926257456388fd15e8eeb2e2868fd
2018-02-17 01:42:06 +00:00
Emilien Macchi
9d9289cf6d undercloud: remove duplicate Neutron Server entry
... or the deployment fails since we try to deploy twice the
OS::TripleO::Services::NeutronApi service.

Change-Id: I92d5d037074494c40fb2b1968985a95ffd2fae12
2018-02-17 01:42:01 +00:00
Pradeep Kilambi
7a5d5a8e1b Add tls roles for undercloud
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Ian Main <imain@redhat.com>

Change-Id: Icca382db28e4ea57f3cbf24e9e794b428b824db5
2018-02-15 00:00:05 +00:00
lhinds
7e68dbdf8c Implements AIDE Intrusion Detection System
Introduces a service to configure AIDE Intrusion Detection.

This service init's the database and copies the new database
to the active naming. It also sets a cron job, using email if
`AideEmail` is populated, otherwise the reports are sent to
`/var/log/aide/`.

AIDE rules can be supplied as a hash, and should the rules ever
be changed, the service will populate the new rules and re-init
a fresh integrity database.

Related-Blueprint: tripleo-aide-database
Depends-On: Iac2ceb7fc6b610f8920ae6f75faa2885f3edf6eb
Change-Id: I23d8ba2c43e907372fe079026df1fca5fa1c9881
2018-01-15 13:10:16 +00:00
Zuul
ef6d97c543 Merge "Telemetry Needs Redis" 2018-01-08 18:21:24 +00:00
Emilien Macchi
6a6872f390 Introduce OS::TripleO::Services::Rhsm
Background:
extraconfig/pre_deploy/rhel-registration interface has been maintained
for some time now but it's missing some features and the code overlaps
with ongoing efforts to convert everything to Ansible.

Plan:
Consume ansible-role-redhat-subscription from TripleO, so all the logics
goes into the Ansible role, and not in TripleO anymore.
The single parameter exposed to TripleO is RhsmVars and any Ansible
parameter can be given to make the role working.
The parameter can be overriden per roles, so we can think at specific
cases were some Director roles would have specific RHSM configs.
Once we have feature parity between what is done and what was here
before, we'll deprecate the old interface.

Testing:
Because RHSM can't be tested on CentOS, this code was manually tested on
RHEL against the public subscription portal. Also, we verified that
generated Ansible playbooks were correct and called the role with the
right parameters.

Documentation:
We'll work on documentation during the following weeks and explain
how to switch from the previous interface to the new one, and also
document new uses requested by our users.

Change-Id: I8610e4f1f8478f2dcbe3afc319981df914ce1780
2017-12-27 11:03:49 -08:00
Ian Main
b54135fc3a Telemetry Needs Redis
Add redis to the undercloud when telemetry is added.

Change-Id: I5fc235e6f77efba73ab1858e959357a954c7b7a3
2017-12-27 17:29:18 +00:00
Dan Prince
cec41586f7 Add docker-registry service
This is required for the containerized undercloud.

Change-Id: I542a19c084f37aaafd72378857af4f379f335a39
2017-12-27 01:41:50 +00:00
lhinds
502fde7a64 Implements management of /etc/login.defs
Enables management of shadow password directives in login.defs

By allowing operators to set values in login.defs, they are able
to improve password security for newly created system accounts.

This change will in turn allow operators to adhere with security
hardening frameworks, such as STIG DISA & CIS Security Benchmarks.

bp login-defs

Change-Id: Id4fe88cb9569f18f27f94c35b5c27a85fe7947ae
Depends-On: Iec8c032adb44593da3770d3c6bb5a4655e463637
2017-11-29 09:23:25 +00:00
Zuul
4fa81458d4 Merge "Undercloud: Add router for IPv6 ctlplane subnet" 2017-11-27 23:08:23 +00:00
Zuul
f0be3d1f0d Merge "Add Docker service to the undercloud roles" 2017-11-16 15:25:09 +00:00
Dan Prince
ef78b46338 Undercloud: Add router for IPv6 ctlplane subnet
A router is needed so that router advertisements are send out for
the subnet. Also add the router plugin and start the l3 agent
which are responsible for the router handling.

Change-Id: I2c7c6232d00a11f550ad186f94ce628090ec93ed
2017-11-13 14:20:32 -05:00
Pradeep Kilambi
07ce5c4bae Add undercloud cinder roles and environment files
If enable_cinder is true in undercloud.conf, we will need to include
these env files to setup cinder containers.

Change-Id: I208347c52ac5ad24a54aade0be23a31f5bdd4249
2017-11-10 16:39:04 +00:00
Dan Prince
f0b4b0dffe Add Docker service to the undercloud roles
This patch adds the Docker service to the default undercloud
roles data. By default Docker is set to OS::Heat::None.
When using environments/docker.yaml however it will get set
to puppet/service/docker.yaml which will facilitate installing
the Docker service early in the deployment at step 1.

Change-Id: I2d569eef136254dc81bdee93a7869fd361a8400d
2017-11-09 12:18:13 +11:00
Brad P. Crochet
95a7a27fcb Add Mistral event engine
Mistral has an event engine to trigger cron-type events. Let's use it.

Change-Id: I15b48bd7a501608b1fad64fea8d4f9822946dcb2
Depends-On: I71f556c96ed7c2bbafacab4b2f66874effbd8b73
2017-09-28 06:55:46 -04:00
Bogdan Dobrelya
8a03456056 Add logrotate with crond service
Add a docker service template to provide containerized services
logs rotation with a crond job.
Add OS::TripleO::Services::LogrotateCrond to CI multinode-containers
and to all environments among with generic services like Ntp or Kernel.
Set it to OS::Heat::None for non containerized environments and
only enable it to the environments/docker.yaml.

Closes-bug: #1700912

Change-Id: Ic94373f0a0758e9959e1f896481780674437147d
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-08-21 08:56:29 +02:00
Joe Talerico
c2b2cc555a Adding Tuned Service
Allow the user to set a specific Tuned profile on a given host.

Defaults to throughput-performance

Change-Id: I0c66193d2733b7a82ad44b1cd0d2187dd732065a
2017-07-25 17:08:37 +00:00
Dan Prince
5b77325687 Drop MongoDB from the undercloud
This patch drops MongoDB from the undercloud and swaps
in a 'swift' and 'sqlalchemy' versions for the Zaqar
backends.

Change-Id: Ic6600f284dfbf4360b42598d3651b4c0f8046d1c
2017-07-23 22:29:02 +00:00
Alex Schultz
2eb1476b6e Add in roles data validation
With the merging of Iad3e9b215c6f21ba761c8360bb7ed531e34520e6 the
roles_data.yaml should be generated with tripleoclient rather than
edited. This change adds in a pep8 task to verify that the appropriate
role files in roles/ have been modified to match how our default
roles_data.yaml is constructed.  Additionally this change adds a new tox
target called 'genrolesdata' that will all you to automatically generate
roles_data.yaml and roles_data_undercloud.yaml

Change-Id: I5eb15443a131a122d1a4abf6fc15a3ac3e15941b
Related-Blueprint: example-custom-role-environments
2017-07-07 09:51:40 -06:00
Jenkins
6faea7a26b Merge "Add templates to configure Ironic inspector" 2017-06-16 15:48:15 +00:00
Jenkins
d95394a01c Merge "Containerize Ceilometer Agent Ipmi" 2017-06-15 13:05:36 +00:00
Pradeep Kilambi
0849c76ca6 Containerize Ceilometer Agent Ipmi
Depends-On: I3e865f2e9b6935eb3dfa4b4579c803f0127848ae

Change-Id: I09327a63d238a130b6ac0f2361f80e2b244b4b52
2017-06-13 20:51:39 +00:00
Dan Prince
15c93fdbd9 Move iscsid to a container
This configures iscsid so that it runs as a container on
relevant roles (undercloud, controller, compute, and volume).
When the iscsid docker service is provision it will also run
an ansible snippet that disables the iscsid.socket on the host
OS thus disabling the hosts systemd from auto-starting iscsid
as it normally does.

Co-Authored-By: Jon Bernard <jobernar@redhat.com>

Change-Id: I2ea741ad978f166e199d47ed1b52369e9b031f1f
2017-06-12 10:04:58 -04:00
Dan Prince
19ef017f31 Add templates to configure Ironic inspector
Implements: blueprint ironic-inspector-composable-service
Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com>
Change-Id: I825516f9f5c2b0c03a3f497d6954022714aab988
2017-06-09 16:11:08 +02:00
Alex Schultz
0b259c8d39 Standardize example role definitions
As we create new standard roles, we should include them from a single
location for ease of use and to reduce the duplication of the role
definitions elsewhere. This change adds a roles folder to the THT that
can be used with the new roles commands in python-tripleoclient by the
end user to generate a roles_data.yaml from a standard set of roles.

Depends-On: I326bae5bdee088e03aa89128d253612ef89e5c0c
Change-Id: Iad3e9b215c6f21ba761c8360bb7ed531e34520e6
Related-Blueprint: example-custom-role-environments
2017-06-07 20:20:03 +00:00
Pradeep Kilambi
2d85067b9f Containerize Ceilometer Agents
Depends-on: I30ba93f76171e5993b5f0e1d7f1f5533acb25740

Closes-bug: #1668925

Change-Id: I3cb61d2d8765f9c2601bb00c4bfa24162883b96a
2017-05-16 14:44:35 +00:00
Pradeep Kilambi
f8b5cacfd9 Disable Telemetry services on undercloud containers
We dont deploy telemetry by default on undercloud anymore.
Lets disable by default and provide an env file to enable
on demand.

Change-Id: I03807b3b75bb038c2d2bb342f3327e6eca2f3976
2017-05-01 18:17:46 +00:00
Alex Schultz
be274f1f49 Add tags to roles
Prior to Ocata, the Controller role was hardcoded for various lookups.
When we switched to having the primary role name being dynamically
pulled from the roles_data.yaml using the first role as the primary
role as part of I36df7fa86c2ff40026d59f02248af529a4a81861, it
introduced a regression for folks who had previously been using
a custom roles file without the Controller being listed first.

Instead of relying on the position of the role in the roles data, this
change adds the concepts of tags to the role data that can be used when
looking for specific functionality within the deployment process. If
no roles are specified with this the tags indicating a 'primary'
'controller', it will fall back to using  the first role listed in the
roles data as the primary role.

Change-Id: Id3377e7d7dcc88ba9a61ca9ef1fb669949714f65
Closes-Bug: #1677374
2017-04-12 06:55:29 -06:00
Flavio Percoco
f10847ce08 Containerize panko api service
Co-Authored-By: Pradeep Kilambi <pkilambi@redhat.com>

Closes-bug: #1668918

Change-Id: Ie1ebd25965bd2dbad2a22161da0022bad0b9e554
2017-03-17 14:30:11 +00:00
Pradeep Kilambi
b800b141bf Containerize gnocchi services
Closes-bug: #1668928

Change-Id: I291df31be97c3d55cddb3924482aa5976a79c2b1
2017-03-13 11:41:09 -04:00
Pradeep Kilambi
459e124a8c Containerize Aodh alarm services
Closes-bug: #1668930

Change-Id: If5dff4388b255373083e164a74aaacd529a94111
2017-03-10 08:34:28 -05:00
Dan Prince
151d614ab3 Enable IronicPxe in the undercloud
This enables the IronicPxe services which are split out
into separate templates for the containerized undercloud.

Change-Id: I0ec3cefec9b47ef3c59de6972541ef9b560aacb7
2017-03-02 15:11:10 -05:00
Jenkins
97488b8ba3 Merge "Remove Glance Registry service" 2017-01-18 00:05:11 +00:00
Emilien Macchi
26ae162564 Nova Placement API composable service
Add support to deploy Nova Placement API service in TripleO.

Change-Id: Ie41ebc362a0695c8f55419e231100c63007405ed
2017-01-17 16:23:16 +00:00
Emilien Macchi
4ccb27ab81 Remove Glance Registry service
Glance registry is not required for the v2 of the API and there are
plans to deprecate it in the glance community.

Let's remove v1 support since it has been deprecated for a while in
Glance.

Depends-On: I77db1e1789fba0fb8ac014d6d1f8f5a8ae98ae84
Co-Authored: Flavio Percoco <flaper87@gmail.com>
Change-Id: I0cd722e8c5a43fd19336e23a7fada71c257a8e2d
2017-01-16 17:04:19 -05:00
Dan Prince
b1fe2e8d60 Template and role support for the undercloud
Add a new roles data YAML file and environment to help
create the undercloud via t-h-t.

Partially-implements: blueprint heat-undercloud

Change-Id: I36df7fa86c2ff40026d59f02248af529a4a81861
2017-01-06 20:01:14 -05:00